Gitiles
Code Review Sign In
gerrit.opencord.org / ansible / role / keycloak / 6a075af97167ddc690af05e1ddc1c941fd62bbf7^! / . / tasks
commit6a075af97167ddc690af05e1ddc1c941fd62bbf7[log] [tgz]
authorHung-Wei Chiu <hungwei@opennetworking.org>Thu Sep 09 22:33:06 2021 +0000
committerHung-Wei Chiu <hungwei@opennetworking.org>Mon Sep 13 18:26:15 2021 +0000
tree1afb1a2d6290984d138984d51ef0a86faee639ce
parent2dbf7bb69fe1b2d0e53cffa95ab7892925738b61 [diff]
INF-162 - Init role for keycloak

- Download the keycloak installation file
- Install service file
- Create admin account

Change-Id: I18ef42f072f0fc071cb448bc4ab7e0a388748054

diff --git a/tasks/Debian.yml b/tasks/Debian.yml
new file mode 100644
index 0000000..a3bd3ff
--- /dev/null
+++ b/tasks/Debian.yml

@@ -0,0 +1,22 @@
+---
+# keycloak tasks/Debian.yml
+#
+# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
+# SPDX-License-Identifier: Apache-2.0
+
+- name: Install Prerequisites Packages
+  apt:
+    name:
+      - "openjdk-{{ keycloak_java_version }}-jdk"
+    state: "present"
+    update_cache: true
+
+- name: Create systemd service unit files for keycloak services
+  template:
+    src: "{{ item }}.j2"
+    dest: "/etc/systemd/system/{{ item }}"
+    owner: "root"
+    group: "root"
+    mode: "0644"
+  with_items:
+    - keycloak.service

diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..0df97e8
--- /dev/null
+++ b/tasks/main.yml

@@ -0,0 +1,77 @@
+---
+# keycloak tasks/main.yml
+#
+# SPDX-FileCopyrightText: © 2021 Open Networking Foundation <support@opennetworking.org>
+# SPDX-License-Identifier: Apache-2.0
+
+- name: include OS-specific tasks
+  include_tasks: "{{ ansible_os_family }}.yml"
+
+- name: Create group for Keycloak
+  group:
+    name: "{{ keycloak_groupname }}"
+
+- name: Create user for Keycloak
+  user:
+    name: "{{ keycloak_username }}"
+    group: "{{ keycloak_groupname }}"
+    comment: "{{ keycloak_comment }}"
+    shell: "{{ keycloak_shell }}"
+    system: true
+    password_lock: true
+
+- name: Create keycloak dist directory
+  file:
+    path: "{{ keycloak_dist_dir }}"
+    owner: "{{ keycloak_username }}"
+    group: "{{ keycloak_groupname }}"
+    state: directory
+    mode: 0700
+
+- name: Download keycloak
+  get_url:
+    url: "{{ keycloak_download_url }}"
+    dest: "{{ keycloak_dist_dir }}"
+    timeout: 30
+    checksum: "{{ keycloak_checksum }}"
+  become: true
+  become_user: "{{ keycloak_username }}"
+
+- name: Extract keycloak
+  unarchive:
+    remote_src: true
+    src: "{{ keycloak_dist_dir }}/keycloak-{{ keycloak_version }}.tar.gz"
+    dest: "{{ keycloak_base_dir }}"
+    owner: "{{ keycloak_username }}"
+    group: "{{ keycloak_groupname }}"
+    creates: "{{ keycloak_base_dir }}/keycloak-{{ keycloak_version }}"
+
+- name: Link Keycloak distro to working dir
+  file:
+    state: "link"
+    src: "{{ keycloak_base_dir }}/keycloak-{{ keycloak_version }}"
+    dest: "{{ keycloak_working_dir }}"
+
+- name: Check admin account
+  command:
+    chdir: "{{ keycloak_working_dir }}/bin/"
+    cmd: >
+      ./kcadm.sh get users
+      --server http://localhost:8080/auth
+      --realm master --user {{ keycloak_admin_username }}
+      --password {{ keycloak_admin_password }}
+  register: kcadm_result
+  changed_when: false
+  failed_when: false
+
+- name: Create admin account
+  command:
+    chdir: "{{ keycloak_working_dir }}/bin/"
+    cmd: >
+      ./add-user-keycloak.sh
+      --realm master --user {{ keycloak_admin_username }}
+      --password {{ keycloak_admin_password }}
+  when: kcadm_result.rc != 0
+  notify:
+    - "start-keycloak"
+    - "restart-keycloak"